Sample viewer

vx.netlux.org/Virus.DOS.June16.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:03:40.978905993Z	25	PC: 12aa6 \| Get default drive
2018-12-17T22:03:40.980478006Z	26	PC: 12b74 \| Set disk transfer address
2018-12-17T22:03:40.9817432Z	78	PC: 12b82 \| Find first file
2018-12-17T22:03:40.987656353Z	61	PC: 12ce0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:03:40.994244525Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:40.995607848Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:40.996826595Z	63	PC: 12c8d \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:03:41.00351243Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.005151821Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.020652986Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.022224331Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.030909561Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.039039119Z	61	PC: 12ce0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:03:41.045766404Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.051768778Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.058612202Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.061320337Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:03:41.068302393Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.069671268Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.070916778Z	63	PC: 12c8d \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:03:41.077878621Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.079481273Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.259503726Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.261375163Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.35773576Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.409032509Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:03:41.416518261Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.41813607Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.425416805Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.42914124Z	61	PC: 12ce0 \| Open file (Filename = 'A:\HELLO.COM')
2018-12-17T22:03:41.435708613Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.437091168Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.439117188Z	63	PC: 12c8d \| Read file or device (Read 92 bytes on handle 5)
2018-12-17T22:03:41.445518923Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.447217174Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.456821446Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.458807889Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.468263246Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.478578724Z	61	PC: 12ce0 \| Open file (Filename = 'A:\HELLO.COM')
2018-12-17T22:03:41.486166502Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.487731326Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.494925649Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.498473816Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PHANG.COM')
2018-12-17T22:03:41.505136283Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.506482596Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.508781218Z	63	PC: 12c8d \| Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:03:41.515058857Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.516744999Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.526228912Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.527965166Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.536616933Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.545860207Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PHANG.COM')
2018-12-17T22:03:41.552752591Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.554550077Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.562578392Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.565300787Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PRINTA~1.COM')
2018-12-17T22:03:41.569401574Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.570626602Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.571784247Z	63	PC: 12c8d \| Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:03:41.575752136Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.577015496Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.582680974Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.583644046Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.589375021Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.595116516Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PRINTA~1.COM')
2018-12-17T22:03:41.599416308Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.600796688Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.605934754Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.608757234Z	61	PC: 12ce0 \| Open file (Filename = 'A:\MANDEL.COM')
2018-12-17T22:03:41.616633038Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.618817334Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.620198806Z	63	PC: 12c8d \| Read file or device (Read 501 bytes on handle 5)
2018-12-17T22:03:41.626181329Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.628990052Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.638371881Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.640072591Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.649923457Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.657902417Z	61	PC: 12ce0 \| Open file (Filename = 'A:\MANDEL.COM')
2018-12-17T22:03:41.664321251Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.666579749Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.673682327Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.67642191Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PAH.COM')
2018-12-17T22:03:41.68293212Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.684282232Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.685557709Z	63	PC: 12c8d \| Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:03:41.692073889Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.693657871Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.701957333Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.703848479Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-17T22:03:41.712183227Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.719827385Z	61	PC: 12ce0 \| Open file (Filename = 'A:\PAH.COM')
2018-12-17T22:03:41.727094465Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.728843084Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.735704568Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.739292434Z	61	PC: 12ce0 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:03:41.745739838Z	87	PC: 12c21 \| Get or set file date and time
2018-12-17T22:03:41.747193403Z	66	PC: 12ceb \| Move file pointer
2018-12-17T22:03:41.76694671Z	63	PC: 12c44 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:03:41.774076755Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.775856341Z	61	PC: 12ce0 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:03:41.783912862Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:03:41.785430703Z	62	PC: 12ce5 \| Close file
2018-12-17T22:03:41.792387746Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.795966678Z	26	PC: 12b74 \| Set disk transfer address
2018-12-17T22:03:41.797065743Z	78	PC: 12b82 \| Find first file
2018-12-17T22:03:41.802714397Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.805740856Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.808182189Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.811033673Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.814161141Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.8165931Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.819021827Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.822037708Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.824482841Z	79	PC: 12b94 \| Find next file
2018-12-17T22:03:41.826654661Z	42	PC: 12ac2 \| Get date 0x12ac2: cmp dx, 0x610 0x12ac6: jne 0x12acb 0x12ac8: call 0x12cec 0x12acb: cld 0x12acc: mov si, 0x1a8 0x12acf: mov di, word ptr [0x11f] 0x12ad3: add di, 0x36f 0x12ad7: push di 0x12ad8: mov cx, 0x13 0x12adb: rep movsb byte ptr es:[di], byte ptr [si] 0x12add: pop ax 0x12ade: push ax 0x12adf: sub ax, 0x1a8 0x12ae2: mov word ptr [0x1a6], ax 0x12ae5: jmp 0x12ae8 0x12ae8: pop bx 0x12ae9: add bx, 0xa 0x12aed: mov si, word ptr [0x11f] 0x12af1: mov di, 0x100 0x12af4: mov cx, 0x36f

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1524,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:53.734290403Z	25	PC: 12aa6 \| Get default drive
2018-12-25T11:43:53.736185052Z	26	PC: 12b74 \| Set disk transfer address
2018-12-25T11:43:53.74026973Z	78	PC: 12b82 \| Find first file
2018-12-25T11:43:53.748915917Z	61	PC: 12ce0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:53.757513887Z	87	PC: 12c21 \| Get or set file date and time
2018-12-25T11:43:53.759471277Z	66	PC: 12ceb \| Move file pointer
2018-12-25T11:43:53.761489453Z	63	PC: 12c8d \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T11:43:53.768753685Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.770826999Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-25T11:43:53.786137914Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.788871557Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-25T11:43:53.799201155Z	62	PC: 12ce5 \| Close file
2018-12-25T11:43:53.812338939Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.820144946Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T11:43:53.822272186Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.830302715Z	79	PC: 12b94 \| Find next file
2018-12-25T11:43:53.83387632Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.842014023Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:53.844165685Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.845679054Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:53.853393907Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.8554109Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:53.865184284Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.867655012Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:53.877477306Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.887919772Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.896231883Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:53.898523756Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.906558513Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:53.910231975Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.921846301Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:53.92463756Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.926447226Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:53.934505333Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.936604296Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:53.946765431Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.949273551Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:53.958737556Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.968054696Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.976665293Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:53.978362729Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.986075773Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:53.989892047Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.997081628Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:53.99868105Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.000424504Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.008045492Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.010245663Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.020636762Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.028339478Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.037845304Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.047127441Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.055571673Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.057303021Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.065911365Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.070055928Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.078157878Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.079747567Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.082056179Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.089057412Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.091862567Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.101192413Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.103710416Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.11325336Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.122538328Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.131339121Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.133298196Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.140979409Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.147348551Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.156244956Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.158461515Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.161453993Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.169508753Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.171896812Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.181507097Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.183922369Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.20336946Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.212478003Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.220035043Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.221662533Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.229323698Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.232712728Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.239809315Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.241372438Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.243805549Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.250845639Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.252907367Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.262548575Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.264502203Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.274226543Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.285053603Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.293020686Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.295160437Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.303432234Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.307195396Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.314442572Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.31616164Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.31933676Z	63	PC: 12c44 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:54.322905277Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.325377321Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.33401384Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.336453244Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.347571428Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.351470596Z	26	PC: 12b74 \| Set disk transfer address (See above)
2018-12-25T11:43:54.353428999Z	78	PC: 12b82 \| Find first file (See above)
2018-12-25T11:43:54.360358742Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.364261718Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.368287873Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.371411766Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.374562609Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.37846405Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.382156975Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.385300707Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.389276798Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.392476494Z	42	PC: 12ac2 \| Get date 0x12ac2: cmp dx, 0x610 0x12ac6: jne 0x12acb 0x12ac8: call 0x12cec 0x12acb: cld 0x12acc: mov si, 0x1a8 0x12acf: mov di, word ptr [0x11f] 0x12ad3: add di, 0x36f 0x12ad7: push di 0x12ad8: mov cx, 0x13 0x12adb: rep movsb byte ptr es:[di], byte ptr [si] 0x12add: pop ax 0x12ade: push ax 0x12adf: sub ax, 0x1a8 0x12ae2: mov word ptr [0x1a6], ax 0x12ae5: jmp 0x12ae8 0x12ae8: pop bx 0x12ae9: add bx, 0xa 0x12aed: mov si, word ptr [0x11f] 0x12af1: mov di, 0x100 0x12af4: mov cx, 0x36f

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1524,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:53.780749908Z	25	PC: 12aa6 \| Get default drive
2018-12-25T11:43:53.783489921Z	26	PC: 12b74 \| Set disk transfer address
2018-12-25T11:43:53.78465452Z	78	PC: 12b82 \| Find first file
2018-12-25T11:43:53.790705914Z	61	PC: 12ce0 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-25T11:43:53.800580904Z	87	PC: 12c21 \| Get or set file date and time
2018-12-25T11:43:53.802838804Z	66	PC: 12ceb \| Move file pointer
2018-12-25T11:43:53.804810028Z	63	PC: 12c8d \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T11:43:53.818631864Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.821217368Z	64	PC: 12d98 \| Write file or device (Write 879 bytes on handle 5)
2018-12-25T11:43:53.837627991Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.839488757Z	64	PC: 12ca2 \| Write file or device (Write 879 bytes on handle 5)
2018-12-25T11:43:53.849025568Z	62	PC: 12ce5 \| Close file
2018-12-25T11:43:53.857105564Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.863882294Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T11:43:53.866444598Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.873133375Z	79	PC: 12b94 \| Find next file
2018-12-25T11:43:53.876070432Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.883191245Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:53.884870514Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.886464333Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:53.894049627Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.896081341Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:53.904476509Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.906996923Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:53.915286452Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.923090338Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.929944533Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:53.94665889Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:53.953660282Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:53.95787283Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:53.964710667Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:53.96643703Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.968335255Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:53.975045968Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.976747521Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:53.985111878Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:53.987252338Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:53.995782338Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.003587778Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.010812815Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.012445259Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.019759624Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.02400977Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.030541073Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.032089864Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.034366785Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.040758893Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.042555372Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.051719442Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.053099132Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.061327071Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.069899485Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.07637611Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.077745654Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.084979076Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.088365566Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.094598961Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.095892099Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.097939233Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.104028576Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.105566796Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.114532806Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.115794852Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.124173671Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.132856128Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.139570628Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.141179904Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.148845444Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.151463674Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.158394995Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.161026388Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.162531747Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.168867727Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.171404583Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.179587531Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.180916894Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.18976105Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.197668594Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.20410466Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.205999062Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.21271401Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.215311749Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.222842437Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.224254667Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.225616437Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T11:43:54.229757677Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.231061339Z	64	PC: 12d98 \| Write file or device (See above)
2018-12-25T11:43:54.236148344Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.237213442Z	64	PC: 12ca2 \| Write file or device (See above)
2018-12-25T11:43:54.242808222Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.250468647Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.256818536Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.258513522Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.265105843Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.267787453Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.274307515Z	87	PC: 12c21 \| Get or set file date and time (See above)
2018-12-25T11:43:54.275574304Z	66	PC: 12ceb \| Move file pointer (See above)
2018-12-25T11:43:54.276897945Z	63	PC: 12c44 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:54.279504535Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.281072658Z	61	PC: 12ce0 \| Open file (See above)
2018-12-25T11:43:54.292424113Z	87	PC: 12cb9 \| Get or set file date and time (See above)
2018-12-25T11:43:54.293975311Z	62	PC: 12ce5 \| Close file (See above)
2018-12-25T11:43:54.300479853Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.302688673Z	26	PC: 12b74 \| Set disk transfer address (See above)
2018-12-25T11:43:54.304196264Z	78	PC: 12b82 \| Find first file (See above)
2018-12-25T11:43:54.308078596Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.310473572Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.313243683Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.315537961Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.31799807Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.320628621Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.322902619Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.325301614Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.327994506Z	79	PC: 12b94 \| Find next file (See above)
2018-12-25T11:43:54.329949145Z	42	PC: 12ac2 \| Get date 0x12ac2: cmp dx, 0x610 0x12ac6: jne 0x12acb 0x12ac8: call 0x12cec 0x12acb: cld 0x12acc: mov si, 0x1a8 0x12acf: mov di, word ptr [0x11f] 0x12ad3: add di, 0x36f 0x12ad7: push di 0x12ad8: mov cx, 0x13 0x12adb: rep movsb byte ptr es:[di], byte ptr [si] 0x12add: pop ax 0x12ade: push ax 0x12adf: sub ax, 0x1a8 0x12ae2: mov word ptr [0x1a6], ax 0x12ae5: jmp 0x12ae8 0x12ae8: pop bx 0x12ae9: add bx, 0xa 0x12aed: mov si, word ptr [0x11f] 0x12af1: mov di, 0x100 0x12af4: mov cx, 0x36f
2018-12-25T11:43:54.332440469Z	50	PC: 12d06 \| Get disk parameter block for specified drive